I run the gnome desktop environment, so gnome-keyring is enabled by default. I do not want gnome-keyring to remember the passwords to my ssh-keys. Or at least I do not want it to remember the passwords forever, maybe set a timeout for 5 minutes or something. I searched through the NixOS options, but did not see anything obvious to accomplish this. The only thing I found was enable option, but when I disabled this it conflicts with enabling the gnome desktop environment. I also looked through the home-manager option, where I removed ssh from the following option, but this does not seem to have changed the behavior.
The home-manager module creates a new systemd user service that starts the requested components but you need to enable it with services.gnome-keyring.enable = true in your home-manager configuration.
But since the GNOME NixOS module enables the gnome-keyring module by default, it will still start the ssh component. And because gnome-keyring currently uses XDG autostart files instead of systemd services, it is not possible to nicely disable it.
You could try force-disabling the NixOS module using services.gnome.gnome-keyring.enable = lib.mkForce false; in NixOS configuration but that will likely break something – many GNOME apps expect GNOME Keyring services to be available and the module does some things not done by home-manager. So you should probably leave the home-manager option alone, it is mainly meant for non-GNOME desktop environments.
If the recommendation on the Arch wiki is correct, you should be able to mask the autostart file, and change SSH_AUTH_SOCK environment variable, though.
Thanks for the solutions posted here! I had a conflict with gnome-keyring and gpg-agent both spawning an ssh-agent. I wanted to completely disable that functionality in gnome-keyring because I am not using gnome-keyring at all.